Tenants Attested Trusted Cloud Service
2016
Cloud computing has successfully enabled large-scale computing to be offered as pay-as-you-go services to many enterprise and individual tenants. However, trust in public cloud services has been a sensitive issue for both cloud tenants and cloud service providers (CSPs). Tenants worry about losing control over their code and data hosted on remote servers. Public cloud providers fear that applications uploaded by their tenants may carry malicious code that causes serious security and privacy violations on their cloud platforms. This trust issue has slowed the wide deployment of public clouds and held back the promise of cloud computing for both CSPs and cloud consumers. In this paper, we present Ta-TCS, a novel system framework for two-phase tenant-attested trust validation and trust management over tenants' remote VMs and cloud service executions. At the CSP end, we build a Minimal Trusted Environment (MTE) in the VMM and an Integrity Verification & Report Service (IVRS) hosted in the control domain Dom0. At the tenant end, we deploy an Integrity Configuration and Attestation Service (ICAS) within the new framework. With Ta-TCS, tenants can configure and attest the integrity of their services, and cloud providers can verify the code running on a guest VM by introspection. Tenants can also check whether the basic platform of Dom0 is trusted. This two-phase trust establishment raises the level of mutual trust between tenants and their CSP. We implement the first prototype of Ta-TCS on the Xen platform, and most of our implementation mechanisms can be ported to other open-source virtualization platforms such as KVM. Our evaluation results show that Ta-TCS is effective with negligible performance overhead.
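The two-phase flow described in the abstract, modelled as an added example (not the paper's code): a constructed IVRS produces authenticated measurement reports from Dom0, and a constructed ICAS on the tenant side first checks the Dom0 platform measurement (phase 1) and only then compares guest-VM file measurements against the tenant's integrity configuration (phase 2). The HMAC-keyed report format and the SHA-256 stand-in for platform measurement are assumptions; the page does not describe Ta-TCS's actual report or key scheme.

```python
import hashlib
import hmac
import json

# Assumed for this example: the tenant provisions a shared key to the IVRS at enrolment
# so that reports can be authenticated. Not taken from the paper.
TENANT_KEY = b"tenant-ivrs-shared-secret"

def measure(blob: bytes) -> str:
    """SHA-256 measurement of a code image or file (stand-in for VMM/TPM measurement)."""
    return hashlib.sha256(blob).hexdigest()

def ivrs_report(phase: int, measurements: dict, key: bytes = TENANT_KEY) -> dict:
    """CSP side (IVRS in Dom0): bundle measurements into an authenticated report."""
    body = json.dumps({"phase": phase, "measurements": measurements}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class ICAS:
    """Tenant side: expected Dom0 measurement plus the tenant's own integrity configuration."""
    def __init__(self, expected_dom0: str, service_config: dict, key: bytes = TENANT_KEY):
        self.expected_dom0 = expected_dom0
        self.service_config = service_config   # guest file path -> expected measurement
        self.key = key
    def _open(self, report: dict, phase: int):
        tag = hmac.new(self.key, report["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, report["tag"]):
            return None                        # forged or corrupted report: reject
        data = json.loads(report["body"])
        return data["measurements"] if data["phase"] == phase else None
    def attest_platform(self, report: dict) -> bool:
        """Phase 1: is Dom0 the platform the tenant expects?"""
        m = self._open(report, 1)
        return m is not None and m.get("dom0") == self.expected_dom0
    def attest_service(self, report: dict) -> list:
        """Phase 2: guest files deviating from the configuration (empty list means trusted)."""
        m = self._open(report, 2)
        if m is None:
            return ["<unauthenticated report>"]
        paths = set(self.service_config) | set(m)   # unexpected extra files are flagged too
        return sorted(p for p in paths if self.service_config.get(p) != m.get(p))

def two_phase_check(icas: ICAS, dom0_image: bytes, vm_files: dict) -> tuple:
    """Run both phases; phase 2 is only meaningful once the platform check passed."""
    if not icas.attest_platform(ivrs_report(1, {"dom0": measure(dom0_image)})):
        return False, None
    report = ivrs_report(2, {p: measure(b) for p, b in vm_files.items()})
    return True, icas.attest_service(report)
```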